Eugene Kaspersky has reiterated his long-standing support for Internet IDs, and called for all SCADA systems to be redesigned around a secure operating system, to protect critical infrastructure from cyber-attack.
SCADA is so vulnerable, Kaspersky told the AusCERT audience: “It’s not possible to protect. Stuxnet told us that modern systems are not protected at all. SCADA could be very easy victims – the result of an attack could be like Stuxnet but everywhere.”
He said his company’s research suggests that malware costs the world economy $US100 billion each year, and noted other vendors estimates of the total trillion-dollar cybercrime industry mean that, “because of cybercrime, we have the equivalent of two or three Japanese tsunamis a year” of economic damage.
People “need to understand the danger of cyber-weapons and of cyber-war to ruin national infrastructure. Transportation, power-grids, power plants … it would take us back to the pre-electric era.”
“The only way to protect critical infrastructure – is to redesign SCADA systems based on a secure operating system. It is possible to do, but it requires a redesign of all the software for industrial systems.”
However, Kaspersky said, the only possible way to achieve such a radical redesign of the SCADA world would be with government support. He noted increased government awareness of Internet issues: “Governments have to be leaders … they have to make this world more regulated, more secure. The good news is that finally they recognize that cybercrime is a very serious issue.”
However, at the same time Kaspersky lamented the heavy-handedness of laws such as those being implemented in the UK.
Likewise, Kaspersky said, the increased participation of government in cyberwarfare leads him to believe that escalation is almost inevitable – and, he said, the similarities of different systems around the world means that a cyber-conflict between two countries could result in critical infrastructure attacks in unreleated countries.
“It’s our responsibility to design this world in a more secure way for our children,” was Kaspersky’s conclusion.
#auscert2012
Follow @CSO_Australia and sign up to the CSO Australia newsletter.